News and my experience working with GNU/Linux and open source softwares.

Monday, November 3, 2008

NAT and ip forwarding

NAT (be it SNAT or DNAT) relies on ip forwarding. You enable it, they are effective. I forgot to think about it last time ( I think 3 months ago) I setup Linux as a router. This is because server distros, enable it by default. Some distros however do not and most of them distros targeted for desktop/home users (pls check all popular distros to confirm). To enable it, you have to run this 2 commands:

sysctl -w net.ipv4.ip_forward=1sysctl -p /etc/sysctl.conf

Of course you have to root to run those.

The first command is to write 1 in /proc/sys/net/ipv4/ip_forward. It is equivalent to this command:

echo 1 > /proc/net/ipv4/ip_forward

The second command is to apply all changes in file /etc/sysctl.conf.

Whatever you set in sysctl.conf will be applied every system restart. So that's important if you want to enable it permanently as in the case of a router. First command doesn't do that. You have to edit sysctl.conf to make it permanent because it will be read every system restart. Edit the file with your favorite text editor (i personally use joe) and make sure it contains this line:

net.ipv4.ip_forward = 1

This is just a quick solution for this topic. It doesn't cover everything you should know about sysctl.conf and ip forwarding. You can just google to find more info about them.